Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XII - Issue #3

January 12, 2010

Really useful security meeting coming up in early February: Application Security Summit in San Francisco February 4-5. Focusing on the new attack vectors that will do the most damage in 2010, PCI Compliance in application security, which tools actually work, more, plus the new Secure Coding in .NET class along with Secure coding in JAVA and PHP and Web Penetration Testing and Web Defense. http://www.sans.org/appsec-2010/summit.php

TOP OF THE NEWS

Judge Says RealDVD is "Almost Certainly Illegal" (January 11, 2010)

US District Judge Marilyn Patel has rejected RealNetworks' argument that the Motion Picture Association of America (MPAA) is a "price-fixing cartel" that prevents the distribution of products capable of decrypting DVDs. RealNetworks made the argument in an attempt to convince the judge to lift a distribution ban on its RealDVD software, which allows users to copy DVDs to their hard drives. The MPAA and other plaintiffs brought the suit against RealNetworks more than a year ago, alleging that the RealDVD software is illegal because it circumvents legitimate copyright protection technology. In rejecting RealNetworks' claim, Judge Patel wrote that its "purported injury stems from its own decision to manufacture and traffic in a device that is almost certainly illegal under the DMCA (Digital Millennium Copyright Act)." The US legal system has never directly addressed consumers' rights to make copies of DVDs they purchase legitimately; the court cases have focused instead on the technology developers and purveyors.

http://www.wired.com/threatlevel/2010/01/judge-slams-mpaa-cartel-allegations/

THE REST OF THE WEEK'S NEWS

South Korean Military to Ban USB Drives (January 11, 2010)

The South Korean military says it will ban the use of USB drives. The South Korean military is building a new data transfer system; once that system is complete, use of USB drives will no longer be permitted. The decision comes in the wake of attempts to infiltrate South Korean military computer systems. Last year, information about a joint South Korea/US military contingency plan was compromised due to the use of a portable storage device.

http://gcn.com/articles/2010/01/11/korea-bans-flash-drives.aspx

[Editor's Note (Ullrich): Data sharing is always a question of trust. If you can't trust the origin of the data, or the origin of the devices used to share the data, the transfer mechanism doesn't matter. ]

[Editor's Note (Ullrich): The USB flaw disclosure misses an important detail. The reliance on software to unlock the key was only part of the problem. The (maybe worse) fact is that all USB devices of this type use one and the same key to encrypt data. It is not clear what people will receive who exchange these USB devices. Maybe a set of new devices who will again all have the same but different key? ]

Incident Handling Certification Now The Top For Premium Security Pay (January 12, 2009)

The American National Standards Institute has accredited the GIAC Certified Incident Handler certification, and the same certification was recently ranked as the No. 1 security certification that organizations pay a salary premium for, according to IT employment analysts with Foote Partners. Government security service providers that have invested in SANS training and GIAC certification for their employees or who have hired employees who already have GIAC certifications will be able to use those credentials to differentiate their services from others. Last week three of the major GIAC tracks were accredited under the ANSI/ISO/IEC 17024 Personnel Certification program.

http://www.channelinsider.com/c/a/Careers/Three-GIAC-Security-Certifications-Gain-More-Clout--198225/

[Editor's Note (Pescatore): These closed "marketplaces" like on the iPhone and Android phones have great potential to be a boon to security. They are essentially whitelisting that users don't complain about - because there are so many application choices, it doesn't feel like lockdown to the users. However, the marketplaces do need to raise the bar on application certification to include stronger security analysis. But just the fact that an app can be quickly removed from the marketplace is a huge advance over wide open operating systems like Windows and Linux. ]

A federal appeals court panel is questioning the Federal Communications Commission's (FCC) authority to impose net neutrality rules on Comcast. The telecommunications company is challenging a 2008 FCC order that prohibited the company from blocking its broadband users from using BitTorrent. Internet companies are in favor of net neutrality rules, maintaining that without them, the broadband providers would give preference to traffic from customers who pay premiums and could potentially block or slow traffic from sites that compete with the providers' offerings. The providers say they are entitled to seek returns on their investments by offering premium services, and that by blocking services like BitTorrent, they prevent excessive amounts of bandwidth from being consumed and degrading service for others.

http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=222300255

http://www.msnbc.msn.com/id/34766389/ns/technology_and_science-security/

[Editor's Note (Ullrich): To defend against this and other attacks, DNS sinkholes can be helpful. See http://isc.sans.org/diary.html?storyid=7930 for details on how to set up such a sinkhole. ]

Stephen Northcutt is teaching leadership online

February 16 - 18, 2010

This is the course I wish I had taken 30 years ago. Folks, it doesn't make sense to wait till you are in a management position to focus on your management and leadership skills. Leadership is a race of endurance, not a sprint; you want to start early and be persistent. If you can improve one or two percent in a year, that is a major achievement. This course will set you on the path. It is a solid blend of tons of research as well as personal experience from a number of leaders in information security.

http://www.sans.org/vlive/details.php?nid=21223

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, http://www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.

Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/